git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
typo
[exim.git]
/
src
/
src
/
dkim.c
diff --git
a/src/src/dkim.c
b/src/src/dkim.c
index 5c9d2279e165767715385013862a330b81023c9d..92adb35897665f650653de3622c639f72800361f 100644
(file)
--- a/
src/src/dkim.c
+++ b/
src/src/dkim.c
@@
-3,6
+3,7
@@
*************************************************/
/* Copyright (c) University of Cambridge, 1995 - 2018 */
*************************************************/
/* Copyright (c) University of Cambridge, 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
/* Code for DKIM support. Other DKIM relevant code is in
/* See the file NOTICE for conditions of use and distribution. */
/* Code for DKIM support. Other DKIM relevant code is in
@@
-21,6
+22,7
@@
void
params_dkim(void)
{
builtin_macro_create_var(US"_DKIM_SIGN_HEADERS", US PDKIM_DEFAULT_SIGN_HEADERS);
params_dkim(void)
{
builtin_macro_create_var(US"_DKIM_SIGN_HEADERS", US PDKIM_DEFAULT_SIGN_HEADERS);
+builtin_macro_create_var(US"_DKIM_OVERSIGN_HEADERS", US PDKIM_OVERSIGN_HEADERS);
}
# else /*!MACRO_PREDEF*/
}
# else /*!MACRO_PREDEF*/
@@
-267,6
+269,11
@@
else
"(headers probably modified in transit)]");
break;
"(headers probably modified in transit)]");
break;
+ case PDKIM_VERIFY_INVALID_PUBKEY_KEYSIZE:
+ logmsg = string_cat(logmsg,
+ US"signature invalid (key too short)]");
+ break;
+
default:
logmsg = string_cat(logmsg, US"unspecified reason]");
}
default:
logmsg = string_cat(logmsg, US"unspecified reason]");
}
@@
-405,7
+412,7
@@
for (pdkim_signature * sig = dkim_signatures; sig; sig = sig->next)
dkim_cur_sig = sig;
dkim_signing_domain = US sig->domain;
dkim_signing_selector = US sig->selector;
dkim_cur_sig = sig;
dkim_signing_domain = US sig->domain;
dkim_signing_selector = US sig->selector;
- dkim_key_length = sig->
sighash.len * 8
;
+ dkim_key_length = sig->
keybits
;
/* These two return static strings, so we can compare the addr
later to see if the ACL overwrote them. Check that when logging */
/* These two return static strings, so we can compare the addr
later to see if the ACL overwrote them. Check that when logging */
@@
-559,6
+566,7
@@
switch (what)
return US"pubkey_unavailable";
case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD:return US"pubkey_dns_syntax";
case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: return US"pubkey_der_syntax";
return US"pubkey_unavailable";
case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD:return US"pubkey_dns_syntax";
case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT: return US"pubkey_der_syntax";
+ case PDKIM_VERIFY_INVALID_PUBKEY_KEYSIZE: return US"pubkey_too_short";
case PDKIM_VERIFY_FAIL_BODY: return US"bodyhash_mismatch";
case PDKIM_VERIFY_FAIL_MESSAGE: return US"signature_incorrect";
}
case PDKIM_VERIFY_FAIL_BODY: return US"bodyhash_mismatch";
case PDKIM_VERIFY_FAIL_MESSAGE: return US"signature_incorrect";
}
@@
-853,6
+861,9
@@
for (pdkim_signature * sig = dkim_signatures; sig; sig = sig->next)
g = string_cat(g,
US"fail (signature did not verify; headers probably modified in transit)\n\t\t");
break;
g = string_cat(g,
US"fail (signature did not verify; headers probably modified in transit)\n\t\t");
break;
+ case PDKIM_VERIFY_INVALID_PUBKEY_KEYSIZE: /* should this really be "polcy"? */
+ g = string_fmt_append(g, "fail (public key too short: %u bits)\n\t\t", sig->keybits);
+ break;
default:
g = string_cat(g, US"fail (unspecified reason)\n\t\t");
break;
default:
g = string_cat(g, US"fail (unspecified reason)\n\t\t");
break;
git://git.exim.org / exim.git / blobdiff